This thread is a follow-up of the previous thread I created, regarding a lost XRP deposit. For those who haven't read it and have limited time, I'll summarize.
(
https://bitcointalksearch.org/topic/ripple-deposit-never-received-5408926)
I tried depositing XRP from Kraken to Binance, my deposit was never credited to my account and got me frustrated, thinking I've done something wrong. After several users suggested, I contacted Binance, and they told me that this wasn't their XRP address and recommended me to install Binance's app on my phone. To my surprise, the address I had on my phone was different from the one in my computer. Same thing occurred if I tried depositing other coins, such as BTC or ETH. I was baffled, the support agent mentioned that it's probably a malware on my computer.
I started with antivirus scans using Windows Defender and Malwarebytes, however, both showed no results. A few users suggested that it could be an extension on Chrome, decided to check, but nothing looked suspicious at first.
Google Sheets, Zen Mate, Ublock, Grammarly etc… Nothing suspicious, right? Except the fact that I don't recall installing the Google Sheets extension, but didn't think much of it, since I use Google services a lot (Drive, Docs, Excel), but noticed that for some strange reason, the name was grayed out, but the other extensions weren't.
I deleted the extension and Binance is now showing the proper address. Upon further investigation and opening its source file, it has a Javascript code that switches coin addresses with the scammer's address. On top of that, whenever I searched the scammer's XRP or BTC address, the tab would crash.
The issue is that I don't recall installing something like this on my own, unless it popped up and accepted its installation without realizing it. The extension's folder was created on 23/07/2022, it's relatively new and can't remember if I downloaded any pirate software or what else.
This time I was extremely lucky, because a few days ago I was actually planning on moving my funds from Binance in an attempt to find a better APY. Chances are, that I would have lost my money.